Patchwork [2/2,natty,CVE,2/2] Change check_ruid flag to a more reasonable type

login
register
mail settings
Submitter John Johansen
Date Aug. 11, 2011, 7:44 a.m.
Message ID <1313048697-23240-2-git-send-email-john.johansen@canonical.com>
Download mbox | patch
Permalink /patch/109563/
State New
Headers show

Comments

John Johansen - Aug. 11, 2011, 7:44 a.m.
The first interation of the patch for the check ruid flag at mount time
flag returned a full uid.  However the revised patch used the check_ruid
parameter solely as a boolean flag, but missed fixing the parameters type.

Change the parameter type to int instead of uid_t.

CVE-2011-1833
BugLink: http://bugs.launchpad.net/bugs/732628

Signed-off-by: John Johansen <john.johansen@canonical.com>
---
 fs/ecryptfs/main.c |    5 ++---
 1 files changed, 2 insertions(+), 3 deletions(-)
Tim Gardner - Aug. 11, 2011, 5:54 p.m.
On 08/11/2011 01:44 AM, John Johansen wrote:
> The first interation of the patch for the check ruid flag at mount time
> flag returned a full uid.  However the revised patch used the check_ruid
> parameter solely as a boolean flag, but missed fixing the parameters type.
>
> Change the parameter type to int instead of uid_t.
>
> CVE-2011-1833
> BugLink: http://bugs.launchpad.net/bugs/732628
>
> Signed-off-by: John Johansen<john.johansen@canonical.com>
> ---
>   fs/ecryptfs/main.c |    5 ++---
>   1 files changed, 2 insertions(+), 3 deletions(-)
>
> diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c
> index adc54c2..f236d09 100644
> --- a/fs/ecryptfs/main.c
> +++ b/fs/ecryptfs/main.c
> @@ -296,7 +296,7 @@ static void ecryptfs_init_mount_crypt_stat(
>    * Returns zero on success; non-zero on error
>    */
>   static int ecryptfs_parse_options(struct ecryptfs_sb_info *sbi, char *options,
> -				  uid_t *check_ruid)
> +				  int *check_ruid)
>   {
>   	char *p;
>   	int rc = 0;
> @@ -525,8 +525,7 @@ static struct dentry *ecryptfs_mount(struct file_system_type *fs_type, int flags
>   	const char *err = "Getting sb failed";
>   	struct inode *inode;
>   	struct path path;
> -	uid_t check_ruid;
> -	int rc;
> +	int rc, check_ruid;
>
>   	sbi = kmem_cache_zalloc(ecryptfs_sb_info_cache, GFP_KERNEL);
>   	if (!sbi) {

I think this is unnecessary.

Patch

diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c
index adc54c2..f236d09 100644
--- a/fs/ecryptfs/main.c
+++ b/fs/ecryptfs/main.c
@@ -296,7 +296,7 @@  static void ecryptfs_init_mount_crypt_stat(
  * Returns zero on success; non-zero on error
  */
 static int ecryptfs_parse_options(struct ecryptfs_sb_info *sbi, char *options,
-				  uid_t *check_ruid)
+				  int *check_ruid)
 {
 	char *p;
 	int rc = 0;
@@ -525,8 +525,7 @@  static struct dentry *ecryptfs_mount(struct file_system_type *fs_type, int flags
 	const char *err = "Getting sb failed";
 	struct inode *inode;
 	struct path path;
-	uid_t check_ruid;
-	int rc;
+	int rc, check_ruid;
 
 	sbi = kmem_cache_zalloc(ecryptfs_sb_info_cache, GFP_KERNEL);
 	if (!sbi) {